Telegram malware scams have risen 2000% in the last 2 months: Scam Sniffer

Source Cryptopolitan

Web3 anti-scam platform ScamSniffer has reported a sizable increase in malware scams on Telegram’s social messaging platform. According to the firm, Telegram group malware scams increased by 2000% between November 2024 and January 2025.

This new form of attack started gaining prominence in late 2024 and continues to grow alarmingly. With this tactic, bad actors use fake groups and verification bots to distribute malware that can access users’ devices and steal their assets.

Telegram Groups malware
Telegram malware groups are increasing rapidly. Source: Scam Sniffer

These fraudulent groups, usually advertised as exclusive alpha, airdrop, or trading groups, lure users to execute malicious code or install fake verification software to join the channel. Once executed, these codes and software allow the bad actors full access to users’ devices, where they can collect sensitive information to steal users’ assets.

Scam Sniffer wrote:

“Once you execute their code or install their “verification” software, they can access your passwords, scan for wallet files, monitor your clipboard, and steal browser data.”

While it is hard to determine how much has been lost to this new attack vector, Scam Sniffer noted the increase in the number of such scams, which suggests that it is working.

Malware attacks come in multiple variants 

Telegram malware scams have several variants that muddle up the waters for users. In one variant, the attackers ask users to input their phone number and login code for verification instead of executing any code or installing software. However, the phone number and login code give them access to the users’ Telegram accounts and allow them to take control.

Beyond using Telegram, the attackers also execute the same tactic using fake Cloudflare verification pages that deploy malicious code to the clipboard. The fake page usually contains a prompt asking for extra verification and requesting a user to run the Windows + R command. If successful, the malware becomes part of the device and is added to Windows startups.

With these bad actors using several variants of the same scam, security experts have called on users to be more cautious about what links they click and the software they install. Scam Sniffer noted that most of this malware usually contains invites promising users they do not need to sign anything or connect their wallet, while some also ask users to join groups for real-time updates.

The firm identified some fake bots that scammers use, including OfficialSafeguardRobot,  SafeguardsAuthenticationBot, and safeguardoff_bot. All these bots have naming similarities with real verification bots, with subtle misspellings and changes to mislead users.

Given that the full scope and impact of these new scam tactics remain unknown, experts noted that the best protection is for users to never run an unknown command, install unverified software, or use clip-based verification. As Scam Sniffer observed, no genuine crypto project requires users to run a code before they can join a group.

Shift to Telegram malware due to users’ awareness of phishing 

Scam Sniffer claims that bad actors adopted these new tactics because users are now more aware of traditional phishing tactics. Although phishing continues to result in significant losses, with almost $500 million lost in 2024, the security firm noted that regular phishing incidents have remained stable over the past two months.

Beyond their novelty, Telegram malware scams have a more devastating impact. This malware gives attackers more access to users’ devices, enabling them to hack multiple wallets and wreak more havoc using the sensitive information they glean from victims’ devices.

Interestingly, hackers are not just impersonating crypto influencers to market their fake groups. They are also using fake pages of legitimate crypto projects to target communities and invite them to join groups. Scam Sniffer identified invites for fake Telegram Groups attributed to projects such as Scoutly, Fridon AI, Build, and Hiero.

From Zero to Web3 Pro: Your 90-Day Career Launch Plan

Disclaimer: For information purposes only. Past performance is not indicative of future results.
placeholder
ADP Employment Change projected to show US job growth slowing in FebruaryThe US labor market is set to take center stage this week as fresh concerns mount that the economy may be losing its momentum — a sentiment echoed by recent slower growth and worrisome fundamental data.
Author  FXStreet
Mar 05, Wed
The US labor market is set to take center stage this week as fresh concerns mount that the economy may be losing its momentum — a sentiment echoed by recent slower growth and worrisome fundamental data.
placeholder
Nvidia stock sinks 4% as Trump’s tariff plans rattle AI tradeNvidia shares fell over 4% early Monday after US President Donald Trump delivered a stern message about trade tariffs. Trump said on Sunday that no country would be given any special treatment regarding tariffs. He also signed new trade policies into effect on April 2, which he calls “Liberation Day.” This frightened investors, who had […]
Author  NewsBTC
Yesterday 01: 15
Nvidia shares fell over 4% early Monday after US President Donald Trump delivered a stern message about trade tariffs. Trump said on Sunday that no country would be given any special treatment regarding tariffs. He also signed new trade policies into effect on April 2, which he calls “Liberation Day.” This frightened investors, who had […]
placeholder
XRP Price Set For ‘Hot’ April With Low Fibonacci Levels And High $5-$8 TargetThe past 24 hours have been challenging for XRP holders. A sharp 5.8% decline in price has brought the asset close to testing critical support around $2, with selling pressure currently dominating XRP’s trading volume. The sentiment is turning bearish, but one analyst is confident in the cryptocurrency’s long-term trajectory, predicting that the altcoin is […]
Author  NewsBTC
Yesterday 01: 54
The past 24 hours have been challenging for XRP holders. A sharp 5.8% decline in price has brought the asset close to testing critical support around $2, with selling pressure currently dominating XRP’s trading volume. The sentiment is turning bearish, but one analyst is confident in the cryptocurrency’s long-term trajectory, predicting that the altcoin is […]
placeholder
Gold price hits new all-time high ahead of Trump’s reciprocal tariffsGold price (XAU/USD) edges higher again for a second day this week and for the first day of the second quarter of 2025.
Author  FXStreet
Yesterday 10: 38
Gold price (XAU/USD) edges higher again for a second day this week and for the first day of the second quarter of 2025.
placeholder
Gold price remains close to record high amid concerns over Trump’s reciprocal tariffsGold price (XAU/USD) attracts some dip-buyers during the Asian session on Wednesday and stalls the previous day's modest retracement slide from a fresh record high.
Author  FXStreet
7 hours ago
Gold price (XAU/USD) attracts some dip-buyers during the Asian session on Wednesday and stalls the previous day's modest retracement slide from a fresh record high.
goTop
quote